Common fields
editCommon fields
editThese fields contain data about the environment in which the transaction or flow was captured.
-
server
-
The name of the server that served the transaction.
-
client_server
-
The name of the server that initiated the transaction.
-
service
-
The name of the logical service that served the transaction.
-
client_service
-
The name of the logical service that initiated the transaction.
-
ip
-
format: dotted notation.
The IP address of the server that served the transaction.
-
client_ip
-
format: dotted notation.
The IP address of the server that initiated the transaction.
-
real_ip
-
format: Dotted notation.
If the server initiating the transaction is a proxy, this field contains the original client IP address. For HTTP, for example, the IP address extracted from a configurable HTTP header, by default
X-Forwarded-For
. Unless this field is disabled, it always has a value, and it matches theclient_ip
for non proxy clients.
client_geoip fields
editThe GeoIP information of the client.
-
client_geoip.location
-
type: geo_point
example: {lat: 51, lon: 9}
The GeoIP location of the
client_ip
address. This field is available only if you define a GeoIP Processor as a pipeline in the Ingest GeoIP processor plugin or using Logstash. -
client_port
-
format: dotted notation.
The layer 4 port of the process that initiated the transaction.
-
transport
-
example: udp
The transport protocol used for the transaction. If not specified, then tcp is assumed.
-
type
-
required: True
The type of the transaction (for example, HTTP, MySQL, Redis, or RUM) or "flow" in case of flows.
-
port
-
format: dotted notation.
The layer 4 port of the process that served the transaction.
-
proc
-
The name of the process that served the transaction.
-
cmdline
-
The command-line of the process that served the transaction.
-
client_proc
-
The name of the process that initiated the transaction.
-
client_cmdline
-
The command-line of the process that initiated the transaction.
-
release
-
The software release of the service serving the transaction. This can be the commit id or a semantic version.